CVE-2006-6364

Name of the Vulnerable Software and Affected Versions Inside Systems Mail (ISMail) versions 2.0 and earlier

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the error parameter in the error.php file.

Recommendations For versions 2.0 and earlier, consider disabling the error.php file or restricting access to it until a fix is available. As a temporary workaround, avoid using the error parameter in the error.php file to minimize the risk of exploitation.